malicious web page

Please register or login

Welcome to ScubaBoard, the world's largest scuba diving community. Registration is not required to read the forums, but we encourage you to join. Joining has its benefits and enables you to participate in the discussions.

Benefits of registering include

  • Ability to post and comment on topics and discussions.
  • A Free photo gallery to share your dive photos with the world.
  • You can make this box go away

Joining is quick and easy. Log in or Register now!

diveprof

diveprof

Contributor
Messages
1,787
Reaction score
238
Location
Evans, GA (underwater of course)
# of dives
I know that you had some corrupted data earlier in the month, but I have during the past three days have received notice from my antivirus software that it has blocked a malicious attacK (virus) or suspicious webpage when accessing different forums in Scubaboard. Might want to asess this. I'm not getting these notices at any other time.
 
Ok. Can you post a screen shot of the antivirus report, and include the webpage you're trying to access.

The two items you speak of are un-related. Data corruption in the database and a virus are two different things.
 
I got a malicious page warning the other day also, haven't gotten it in a few days though. I cannot remember which page I was trying to access.
 
diveprof:
OK. I'll send you a PM.
Click to expand...

From your pm:

Category: Norton Product Tamper Protection
Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction
12/31/2012 5:16:56 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,12/31/2012 5:16:56 PM,C:\WINDOWS\SYSTEM32\CONHOST.EXE,3208,C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\cltlmh.exe,6192,Access Process Data,Unauthorized access blocked
Click to expand...


This is not a malicious web page warning.

From Norton's Support site: http://community.norton.com/t5/Norton-360/Unauthorized-Access-Blocked-Access-Process-Data/td-p/404488

What you describe are Norton Product Tamper Protection events, which are normal and harmless. Legitimate programs often attempt to access Norton files and processes. All such efforts are blocked in order to prevent Norton's operations from being disrupted or compromised by any outside agent, legitimate or malicious. These are not attacks, and Norton is simply logging the events. The outside programs are only prevented from interfering with Norton, and are otherwise allowed to run normally. Threats to your computer that require your attention will be announced through Norton alerts on your PC. The Norton logs are simply a record of Norton's activities.
Click to expand...

This could be from a legitimate Java script, or perhaps one of the banners you are being served is with Flash? I can't say specifically, because banners are not the same for everyone.


@ jasonb751

If you in fact receive a virus alert from a ScubaBoard page, I need a screen shot of the warning, including the page. Without details, I can't do anything to help.

All of our current daily virus and malware scans are clean. We have daily monitoring of all pages on ScubaBoard.com.
 
This the the other one I got. Don't remember what forum page I was on in SB.
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
12/30/2012 8:32:43 AM,High,An intrusion attempt by 184.22.164.132 was blocked.,Blocked,No Action Required,Web Attack: Malicious Exploit kit Website,No Action Required,No Action Required,"184.22.164.132, 80",feziwibav.longmusic.com/47pxb8y/?4,"AD-PC (192.168.1.118, 50613)",184.22.164.132,"TCP, www-http"
Network traffic from <b>feziwibav.longmusic.com/47pxb8y/?4</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.
 
diveprof:
This the the other one I got. Don't remember what forum page I was on in SB.
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
12/30/2012 8:32:43 AM,High,An intrusion attempt by 184.22.164.132 was blocked.,Blocked,No Action Required,Web Attack: Malicious Exploit kit Website,No Action Required,No Action Required,"184.22.164.132, 80",feziwibav.longmusic.com/47pxb8y/?4,"AD-PC (192.168.1.118, 50613)",184.22.164.132,"TCP, www-http"
Network traffic from <b>feziwibav.longmusic.com/47pxb8y/?4</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.
Click to expand...

Are you sure you were on ScubaBoard? This says longmusic.com

Were you streaming music and surfing SB?

Do you use filesharing or other music sharing software on your computer?

I would suggest you do a full virus scan, and maybe a malware scan. Try malwarebytes.org

If you already have some malware infestation on your computer from somewhere else, it would cause warning on other sites that are not related to your malware.
 
Now that I think about it the last one may have been from a link in a post in one of the forums. Sorry, don't remember which one. I get the screenshot if it happens again.

---------- Post added December 31st, 2012 at 06:23 PM ----------

No, the only site I had open was SB.
 
diveprof:
Now that I think about it the last one may have been from a link in a post in one of the forums. Sorry, don't remember which one. I get the screenshot if it happens again.

---------- Post added December 31st, 2012 at 06:23 PM ----------

No, the only site I had open was SB.
Click to expand...

My point is... if you're getting warnings on other websites too. Then you have other issues.
 
HowardE:
Are you sure you were on ScubaBoard? This says longmusic.com

Were you streaming music and surfing SB?

Do you use filesharing or other music sharing software on your computer?

I would suggest you do a full virus scan, and maybe a malware scan. Try malwarebytes.org

If you already have some malware infestation on your computer from somewhere else, it would cause warning on other sites that are not related to your malware.
Click to expand...

Don't use file sharing or music sharing. Virus scan and malware scan are clean (thanks for the tip on the malware scan site). I do recollect that I had just opened and closed one of the banner ads on SB open though before clicking on a link in the post. Anyway, I get a screen shot if it happens again. Saw in your sig line that are recently married. Congrats!
 
You must log in or register to reply here.

Similar threads

Brett Hatch
  • Locked
  • Sticky
DIR- Generic The DIR forum RULES and GUIDELINES
Replies
0
Views
1,836
Brett Hatch
Brett Hatch
B
Perdix AI: Powerful, Simple….. Reliable ? (apologies, a rant)
2 3
Replies
25
Views
3,331
nz03
nz03
chrisjur
My Detailed Initial In-Water Impressions of Garmin Mk3i
2 3
Replies
28
Views
4,429
newkidondock
N
altsaint
Diving Modification For Weakened Ear Drum
3 4 5
Replies
47
Views
4,874
Duke Dive Medicine
Duke Dive Medicine
rmorgan
Conception trial begins
20 21 22
Replies
210
Views
17,807
coldwaterglutton
C

Back
Top Bottom